• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2534
  • Last Modified:

Windows SBS 2003 administrator password breaker

I have a windows 2003 Small business server (which means it is a domain controller), administrator user cannot login, it gives the error that "the system could not log you on.  Make sure your username and domain are correct ......"  Same error for remote desktop attempts.

I have used a few password breakers to try to reset the administrator account, but I keep getting the same login error message, even though the password breakers finish normally.  I have used these breakers before with non-domain servers and have had good luck.

This is why I think it is a password issue, the administrator was logged in at the console and the screen saver comes on as usual.  You could log in again using ctrl-alt-del and the "known" password to get past the screen saver password.  I tried to access the server remotely to check why the backups had been failing, but I could not login.  In hindsight, I think the backups stopped because the password had been changed and the reason the local console could login was because it was the cached screen saver password.

When I rebooted the server to try to clear the issue, it no longer would let me login, locally or remotely.  Again in hindsight, had I known that the password was changed, I would have changed it before rebooting the server.  I don't know how the password could get changed but I believe it was done through remote desktop since the screen saver locally was still the "known" password.  It may be a hack and I am looking at the router logs to determine that.  The server runs fine and shares files and everything else it is suppose to do.

Can anyone suggest how I can get into the server as the administrator with a password breaker that works on domain controllers?  I don't have another user that is an administrator.

Thanks
0
mstefani
Asked:
mstefani
  • 5
  • 4
  • 3
  • +3
1 Solution
 
KCTSCommented:
Look like someone hacked your server and changed the password. You could try http://www.petri.co.il/reset_domain_admin_password_in_windows_2000_ad.htm but it might not work in 2003 as MS upped the security.

Chances of recovery ... minimal ... if windows security was that east to break there would be little point to it.
0
 
bkellyboulderitCommented:
Ouch. Well if it helps, a client had corrupt backup, and corrupt hardware. Couldn't fix server there either.
Did you try ERD commander?
Also, try this thread.
http://forums.msrportal.com/archive/index.php?t-7850.html

0
 
Jay_Jay70Commented:
0
Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Don't you have any other accounts configured as members of the Domain Admins group?  (such as your own)?

If so, use that account to log in and then change the administrator account password.  However, to keep that synched, log out and then log back in with the Administrator Account and change the password again using CTRL-ALT-DEL > Change Password.

You might also need to reset the authoritative account username/password on the DHCP Scope as well to make sure it matches.

Jeff
TechSoEasy

0
 
KCTSCommented:
>> I don't have another user that is an administrator <<

Its always a mistake to have only one adminidtrator account for the reasons you have discovered. - .

Your data could be recovered by placing the drive in another machine as a secondary drive, copyiing and taking ownership of the data.

I'm not very optomistic of a solution without resorting to recovery specialists and commiting to significant cost.
0
 
Jay_Jay70Commented:
""I'm not very optomistic of a solution without resorting to recovery specialists and commiting to significant cost.""

Thats a pessimistic approach. Look through the site and you will see plenty off occurences of the domain admin account being reset.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Since I missed the "I don't have another user that is an administrator" line, I'll make this suggestion...

Create a UBCD4Win Boot CD (from http://www.ubcd4win.com) and then boot the SBS off of that.  Then, you can use one of it's included tools, Sala Password Renew, to create a NEW Administrator level account so you can then follow my suggestion posted above.  There are also tools to allow you to change the current Administrator password, but I don't recommend that you use those.  

I've done this before on an SBS and it works just fine.  Of course, with anything like this, you should always perform a full backup first.

Jeff
TechSoEasy
0
 
mstefaniAuthor Commented:
Thanks for all of the suggestions, but none of them worked.  I think it maybe that the password was not changed but that the number of login attempts was set to 0.  The reason for this thought is that when I use my normal password breaker that I have used on win2k, xp etc, it shows number of attempts as 0 and it never clears the 14 bad attempts.

Is there such a thing as setting the login attempts to 0 before locking the account?  If so, how do I change it?  I cannot get into directory restore mode because the local admin has been tried 14 times and it won't reset.

thanks,
Mike
0
 
KCTSCommented:
The AD restore password does not lockout so this is not the issue.
As I said at the very first post. Chances of recovery ... minimal ... if windows security was that east to break there would be little point to it.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
How can none of the suggestions work?  You tried creating a NEW Administrator account using UBCD4Win?

Jeff
TechSoEasy
0
 
Jay_Jay70Commented:
usual password breaker tools will fail as they cant hit AD accounts....
0
 
mstefaniAuthor Commented:
To Jeff, the ubcd4win says it works with winxp, there were no instructions for SBS 2003, so I did not try that one.  I will try it now.  I assume that when it wants the windows xp CD during the creation of the cd, I should really put in the sbs #1 cd?  Or, maybe even a server 2k3 cd.

I will try this today.

Mike
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
I've created UBCD4WIN cd's with both WinXP as well as Server 2003 (using the full download of Windows Server 2003 SP1 which is actually the full server installation -- http://www.microsoft.com/downloads/details.aspx?FamilyId=22CFC239-337C-4D81-8354-72593B1C1F43&displaylang=en)

It really doesn't matter which you use since Server 2003 is really just XP Server.

Jeff
TechSoEasy
0
 
mstefaniAuthor Commented:
Hi all,  none of the solutions worked, that ubcd would not create a cd.  it kept giving me errors, so I gave up and whacked the server and reloaded.  Thanks for all of the attempts.
Mike
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Well, UBCD doesn't "create a cd" just by itself... it's a tool to help you BUILD a BOOT CD.  You needed to read and follow the instructions provided on their site.

Jeff
TechSoEasy
0
 
mstefaniAuthor Commented:
hi all, getting back to you a few months later.  The UBDC would create a CD for XP but not 2003.  

Thanks for all the good suggestions.  I love this site
0
 
pro-pcCommented:
I have a customer with a situation nearly identical to the above thread. I have some additional information for the forum. I have discovered that the administrator password in my case has not been changed, but rather is just not recognized by the logon service. I know this to be true, because I can access the recovery console with the administrator password to gain access to the windows directory. With this knowledge, I utilized the UBCD4WIN to attempt a new password. The process appeared to work, but it did not actually change anything. I also tried to create a new administrator account again with an appearant success but actually no change was recorded. I have attempted to reinstall SBS in repair mode and tried to recover the Active Directory in safemode with no success. It seems that Microsoft has built a tidy hole in the ground that traps the user and not the peretrator. By the way, the administrator password failed on Friday the 13th. I this a serious security threat or just a fluke?
 
 

Edited by TechSoEasy -- EE's Microsoft Zone Advisor:
Please see related question: http:Q_24163647.html
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 4
  • 3
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now